- dtucker@cvs.openbsd.org 2004/02/27 22:42:47

     [dh.c]
     Prevent sshd from sending DH groups with a primitive generator of zero or
     one, even if they are listed in /etc/moduli.  ok markus@

diff --git a/ChangeLog b/ChangeLog
index e9cda2a0a2a11145d42107d2aecf7979378938bb..9fa11f5fd850a68b70d714e8a9a0e2246f9ed338 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
    - djm@cvs.openbsd.org 2004/02/25 00:22:45
      [sshd.c]
      typo in comment
+   - dtucker@cvs.openbsd.org 2004/02/27 22:42:47
+     [dh.c]
+     Prevent sshd from sending DH groups with a primitive generator of zero or
+     one, even if they are listed in /etc/moduli.  ok markus@
 
 20040226
  - (bal) KNF our sshlogin.c even if the code looks nothing like upstream

diff --git a/dh.c b/dh.c
index c7a3e18be82afb4bebe659ce1c9e1a8e16aa1a51..b58b8bc28c0ce7eb348fedbf8ace37dc13f66253 100644 (file)
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.27 2004/02/27 22:42:47 dtucker Exp $");
 
 #include "xmalloc.h"
 
@@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
        if (BN_num_bits(dhg->p) != dhg->size)
                goto failclean;
 
+       if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
+               goto failclean;
+
        return (1);
 
  failclean: